Filter
Top Products
Chapter 4 Command-Line Reference 4-79
1 (fin) – Finish
2 (syn) – Synchronize
4 (rst) – Reset
8 (psh) – Push
16 (ack) – Acknowledgement
32 (urg) – Urgent pointer
code-keyword-seq – The following code keywords can be specified, but must
follow the indicated sequence: fin | syn | rst | psh | ack | urg
(The code keyword must be ON if specified and OFF if not specified.)
■ fragments – The rule only matches packets with the More Fragments (MF) bit
set or with a fragment offset greater than zero. If fragment is not set, the rule
matches both fragment and non-fragment packets.
■ log – Logs any matching packets in the log buffer. The maximum number of
entries stored in the log buffer is 64. When the buffer fills, it wraps around and
overwrites the oldest entries. Note that the log is stored in RAM and is lost
when the switch is reset.
Default Setting
None
Command Mode
General Configuration
Command Usage
■ The system default is to stop all IP packets from passing from the down-link
ports to the management port (NETMGT). If you need the blades to access the
management network through the management port (NETMGT), you must set
a filter to permit specific frames to pass from the down-link ports through the
management port. Note that traffic is never allowed to pass from the up-link
ports to the management port.
■ A fragment is a packet where MF (more fragments) = 1 or Fragment Offset > 0.
If the fragments keyword is absent in a rule, then both fragments and non-
fragmented packets will be checked by the rule.
■ When specifying a code value and mask, the logic is that a packet matches if
<value in header> & <mask> == <value> & <mask>. For example, use the
code value and mask shown below to catch packets with the following flags
set: